package com.handy.plugin.auth.action;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.Map.Entry;

import com.handy.plugin.auth.TAuthCache;
import com.handy.plugin.auth.bean.HAuthUser;

/**
 * 拦截器，注入用户权限。
 * @author rocken.zeng@gmail.com
 *
 */
public class AuthorityInterceptor extends Action {

	@SuppressWarnings("unchecked")
	public String execute() {
		if (getSession().getAttribute("user") == null) {//未登录或登录过期
			return "login";
		}
		HAuthUser user = (HAuthUser) getSession().getAttribute("user");
		int userid = user.getId();
		 
		if(user.getRolekind()<3) {//1为超级管理员，2为开发人员
			getAuthority().setAdmin(true);
			return SUCCESS;
		}
		
		String[] roleids = new String[0];
		if (user.getRoleids()!=null){
			roleids = user.getRoleids().split(",");
		}
		//将用户所有权限注入action中。
		HashMap<Integer,HashSet<String>> authids = TAuthCache.getInstance().getAuthids(userid, TAuthCache.MAP_USER_INFO);
		HashMap<Integer,HashMap<String,HashSet<String>>> dynaAuthids = TAuthCache.getInstance().getDynaAuthids(userid, TAuthCache.MAP_DYNA_USER_INFO);
		for(String _roleid : roleids) {//遍历该用户所属角色，查找已分配的权限
			HashMap<Integer,HashSet<String>> roleAuthids = TAuthCache.getInstance().getAuthids(Integer.valueOf(_roleid), TAuthCache.MAP_ROLE_INFO);
			//整理到authids中
			Set<Entry<Integer, HashSet<String>>> entrys = roleAuthids.entrySet();
			for (Map.Entry<Integer, HashSet<String>> entry : entrys) {
				Integer key = entry.getKey();
				HashSet<String> values = entry.getValue();
				if (null!=authids.get(key)){
					authids.get(key).addAll(values);
				}else{
					authids.put(key, values);
				}
			}
			
			HashMap<Integer,HashMap<String,HashSet<String>>> roleDynaAuthids = TAuthCache.getInstance().getDynaAuthids(Integer.valueOf(_roleid), TAuthCache.MAP_DYNA_ROLE_INFO);
			//整理到dynaAuthids中
			Set<Entry<Integer,HashMap<String,HashSet<String>>>> _dEntrys = roleDynaAuthids.entrySet();
			for (Map.Entry<Integer,HashMap<String,HashSet<String>>> entry : _dEntrys) {
				Integer _authid = entry.getKey();
				HashMap<String,HashSet<String>> pcols = entry.getValue();
				if (null != dynaAuthids.get(_authid)){
					Set<Entry<String, HashSet<String>>> _aEntrys = pcols.entrySet();
					for (Map.Entry<String, HashSet<String>> _entry : _aEntrys) {
						String pcol = _entry.getKey();
						HashSet<String> authKinds = _entry.getValue();
						if (null != dynaAuthids.get(_authid).get(pcol)){
							dynaAuthids.get(_authid).get(pcol).addAll(authKinds);
						}else{
							dynaAuthids.get(_authid).put(pcol,authKinds);
						}
					}
				}else{
					dynaAuthids.put(_authid, pcols);
				}
			}
		}
		getAuthority().setAuths(authids);
		getAuthority().setAuthDynas(dynaAuthids);
		
//		String actionName = getActionMapping().getActionName();
//		
//		HashSet<Integer> actionAuthids = null; 
//		//com.handy.plugin.data.ScriptAction特殊处理
//		if ("data/sc".equalsIgnoreCase(actionName)){
//			actionAuthids = TAuthCache.getInstance().getAuthidsFromScriptAction(scriptid);
//		}else{
//			actionAuthids = TAuthCache.getInstance().getAuthidsFromAction(actionName);
//		}
//		if (null != actionAuthids){
//			boolean auth=false;
//			for (Integer _authid:actionAuthids){
//				 
//			}
//			if (!auth) return "noauth";
//		}
		
		
		/*
		 //放弃原因，针对Forword方式的action无法注入权限。
		 //检索将要访问的class以及scid上所有的权限
			//该用户的所有权限编号以及相应权限
			HashMap<Integer,HashSet<String>> userAuthids = TAuthCache.getInstance().getAuthids(userid, TAuthCache.MAP_USER_INFO);
			HashMap<Integer,HashMap<String,HashSet<String>>> userDynaAuthids = TAuthCache.getInstance().getDynaAuthids(userid, TAuthCache.MAP_DYNA_USER_INFO);
			//当前将要执行的action
			String actionclass = getActionMapping().getActionClass();
			//查找该actionclass对应的权限编号
			HashSet<Integer> authids = null; 
			//com.handy.plugin.data.ScriptAction特殊处理
			if ("com.handy.plugin.data.ScriptAction".equalsIgnoreCase(actionclass)){
				authids = TAuthCache.getInstance().getAuthidsFromScriptAction(scriptid);
			}else{
				authids = TAuthCache.getInstance().getAuthidsFromAction(actionclass);
			}
			
			//if(null == authids) return "noauth";//该action没有访问权限，不充许执行。
			
			if (null != authids){//该action上有权限设置，取出所有分配的权限注入到action中。
				//将该用户在该action上拥有的所有权限种类放入Authority.auths , Authority.authDynas
				for (Integer authid:authids){
					//查找该权限编号authid上该角色或用户的所有许可
					//即该用户或角色在该actionclass上的所有权限
					if (null != userAuthids && null != userAuthids.get(authid)){//基本权限节点
						if(getAuthority().getAuths().get(authid)!=null){
							getAuthority().getAuths().get(authid).addAll(userAuthids.get(authid));
						}else{ 
							getAuthority().getAuths().put(authid,userAuthids.get(authid));
						}
					}
					if (null != userDynaAuthids && null != userDynaAuthids.get(authid)){//扩展权限节点
						if(getAuthority().getAuthDynas().get(authid)!=null){
							HashMap<String,HashSet<String>> pcolMaps = userDynaAuthids.get(authid);
							Set<Entry<String, HashSet<String>>> pcols = pcolMaps.entrySet();
							for (Map.Entry<String, HashSet<String>> entry : pcols) {
								String pcolvalue = entry.getKey();
								HashSet<String> authkinds = entry.getValue();
								if (null != getAuthority().getAuthDynas().get(authid).get(pcolvalue)){
									getAuthority().getAuthDynas().get(authid).get(pcolvalue).addAll(authkinds);
								}else{
									getAuthority().getAuthDynas().get(authid).put(pcolvalue, authkinds);
								}
							}
						}else{ 
							getAuthority().getAuthDynas().put(authid,userDynaAuthids.get(authid));
						}
					}
					
					for(String _roleid : roleids) {//遍历该用户所属角色，查找所有角色已分配的权限
						HashMap<Integer,HashSet<String>> roleAuthids = TAuthCache.getInstance().getAuthids(Integer.valueOf(_roleid), TAuthCache.MAP_ROLE_INFO);
						HashMap<Integer,HashMap<String,HashSet<String>>> roleDynaAuthids = TAuthCache.getInstance().getDynaAuthids(Integer.valueOf(_roleid), TAuthCache.MAP_DYNA_ROLE_INFO);
						if (null != roleAuthids && null != roleAuthids.get(authid)){//基本权限节点
							if(getAuthority().getAuths().get(authid)!=null){
								getAuthority().getAuths().get(authid).addAll(roleAuthids.get(authid));
							}else{
								getAuthority().getAuths().put(authid,roleAuthids.get(authid));
							}
						}
						if (null != roleDynaAuthids && null != roleDynaAuthids.get(authid)){//扩展权限节点
							if(getAuthority().getAuthDynas().get(authid)!=null){
								HashMap<String,HashSet<String>> pcolMaps = roleDynaAuthids.get(authid);
								Set<Entry<String, HashSet<String>>> pcols = pcolMaps.entrySet();
								for (Map.Entry<String, HashSet<String>> entry : pcols) {
									String pcolvalue = entry.getKey();
									HashSet<String> authkinds = entry.getValue();
									if (null != getAuthority().getAuthDynas().get(authid).get(pcolvalue)){
										getAuthority().getAuthDynas().get(authid).get(pcolvalue).addAll(authkinds);
									}else{
										getAuthority().getAuthDynas().get(authid).put(pcolvalue, authkinds);
									}
								}
							}else{ 
								getAuthority().getAuthDynas().put(authid,roleDynaAuthids.get(authid));
							}
						}
					}
				}
				if (getAuthority().getAuths().isEmpty() && getAuthority().getAuthDynas().isEmpty()){
					return "nopermission";//该用户没有访问该action的权限。
				}
				
			}
			*/
		 
		return SUCCESS;
	}
	
 
	

}
